Commits on Jun 13, 2012
  1. @tenderlove

    3.0.15

    tenderlove committed
Commits on Jun 11, 2012
  1. @tenderlove

    bumping to 3.0.14

    tenderlove committed
  2. @tenderlove
Commits on May 31, 2012
  1. @tenderlove

    bumping to 3.0.13

    tenderlove committed
  2. @tenderlove

    Merge branch '3-0-stable-sec' into 3-0-rel

    tenderlove committed
    * 3-0-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. @tenderlove

    Strip [nil] from parameters hash.

    tenderlove committed
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
    
    Conflicts:
    
    	actionpack/lib/action_dispatch/http/request.rb
Commits on May 28, 2012
  1. @tenderlove

    bumping to 3.0.13.rc1

    tenderlove committed
Commits on May 26, 2012
  1. @homakov

    do not force sanitize and whitelist protocols for auto_link

    homakov committed
    sanitize is not always required so we cannot make it. let's just
    whitelist protocols
Commits on May 25, 2012
  1. @homakov

    auto_link final sanitize

    homakov committed
Commits on Mar 27, 2012
  1. @tenderlove

    Merge pull request #5613 from carlosantoniodasilva/fix-build-3-0-193

    tenderlove committed
    Fix build for branch 3-0-stable - Ruby 1.9.3
  2. @josevalim @drogus
  3. @tenderlove @carlosantoniodasilva
Commits on Mar 26, 2012
  1. @carlosantoniodasilva

    Fix AV::FixtureResolver and rjs tests with random order errors

    carlosantoniodasilva committed
    Due to the hash ordering changes on Ruby 1.8.7-p358.
Commits on Mar 15, 2012
  1. @tenderlove

    Merge pull request #5456 from brianmario/redirect-sanitization

    tenderlove committed
    Strip null bytes from Location header
    Conflicts:
    
    	actionpack/test/controller/redirect_test.rb
Commits on Mar 1, 2012
  1. @tenderlove

    bumping to 3.0.12

    tenderlove committed
  2. @tenderlove

    Merge branch '3-0-stable-security' into 3-0-12

    tenderlove committed
    * 3-0-stable-security:
      Ensure [] respects the status of the buffer.
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
Commits on Feb 22, 2012
  1. @tenderlove

    updating RAILS_VERSION

    tenderlove committed
  2. @jonleighton
Commits on Feb 21, 2012
  1. @amatsuda @tenderlove
Commits on Feb 20, 2012
  1. @lest @tenderlove
Commits on Nov 19, 2011
  1. @jonleighton

    Don't html-escape the :count option to translate if it's a Numeric. F…

    jonleighton committed
    …ixes #3685.
    
    Conflicts:
    
    	actionpack/CHANGELOG.md
    
    Conflicts:
    
    	actionpack/CHANGELOG.md
Commits on Nov 18, 2011
  1. @jonleighton

    Preparing for 3.0.11 release

    jonleighton committed
Commits on Nov 17, 2011
  1. @lest @jonleighton

    _html translation should escape interpolated arguments

    lest committed with jonleighton
    Conflicts:
    
    	actionpack/CHANGELOG.md
  2. @jonleighton

    Implement a workaround for a bug in ruby-1.9.3p0.

    jonleighton committed
    The bug is that an error would be raised while attempting to convert a
    template from one encoding to another.
    
    Please see http://redmine.ruby-lang.org/issues/5564 for more details.
    
    The workaround is to load all conversions into memory ahead of time,
    and will only happen if the ruby version is *exactly* 1.9.3p0. The
    hope is obviously that the underlying problem will be resolved in
    the next patchlevel release of 1.9.3.
    
    Conflicts:
    
    	actionpack/CHANGELOG.md
Commits on Nov 16, 2011
  1. Added a missing parameter to relative_url_root= that was causing an A…

    mhuffnagle committed
    …rgumentError: wrong number of arguments (1 for 0) to be thrown at actionpack-3.0.10/lib/action_controller/railtie.rb:54.
Commits on Sep 27, 2011
  1. @parndt
Commits on Sep 11, 2011
  1. @misfo @jeremy

    prevent errors when passing a frozen string as a param to ActionContr…

    misfo committed with jeremy
    …oller::TestCase#process
    
    since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process.  This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed
    thanks and high fives to kinsteronline
Commits on Sep 8, 2011
  1. @akaspick
  2. @akaspick

    when calling url_for with a hash, additional (likely unwanted) values…

    akaspick committed
    … (such as :host) would be returned in the hash... calling #dup on the hash prevents this
Commits on Sep 7, 2011
  1. @akaspick

    fix assert_select_email to work on non-multipart emails as well as co…

    akaspick committed
    …nverting the Mail::Body to a string to prevent errors.
Commits on Aug 31, 2011
  1. @tenderlove
Commits on Aug 16, 2011
  1. @tenderlove

    Merge branch '3-0-10' into 3-0-stable

    tenderlove committed
    * 3-0-10:
      bumping rails to 3.0.10
      properly substituting bad utf8 characters
      Tags with invalid names should also be stripped in order to prevent XSS attacks.  Thanks Sascha Depold for the report.
      prevent sql injection attacks by escaping quotes in column names
      Properly escape glob characters.
      bumping to 3.0.10.rc1
      more changelog updates
      updating CHANGELOGs
  2. @tenderlove

    bumping rails to 3.0.10

    tenderlove committed
  3. @tenderlove

    Tags with invalid names should also be stripped in order to prevent

    tenderlove committed
    XSS attacks.  Thanks Sascha Depold for the report.
  4. @tenderlove